Malware Analysis Report

2024-10-24 18:21

Sample ID 241018-dep33swcmj
Target 7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN
SHA256 7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fc
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
9/10

SHA256

7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fc

Threat Level: Likely malicious

The file 7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (5195) files with added filename extension

Renames multiple (3941) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-18 02:55

Signatures

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-18 02:55

Reported

2024-10-18 02:58

Platform

win7-20240903-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe"

Signatures

Renames multiple (3941) files with added filename extension

ransomware

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.metadata.repository.prefs.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Africa\Cairo.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-3.png.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClientsideProviders.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\si\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Windows Defender\de-DE\MpEvMsg.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Windows Sidebar\fr-FR\sbdrop.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\timeZones.js.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-heapwalker.xml.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Microsoft Games\Mahjong\it-IT\Mahjong.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jre7\README.txt.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_bridge_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Stars.jpg.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Bermuda.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jre7\bin\net.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Windows Media Player\es-ES\wmplayer.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\ACERECR.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Windows Journal\ja-JP\jnwdui.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.zh_CN_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Microsoft Office\Office14\VisioCustom.propdesc.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\misc\liblogger_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Windows Defender\MpOAV.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\js\settings.js.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Atlantic\Cape_Verde.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Mozilla Firefox\ipcclientcerts.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Mozilla Firefox\nss3.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\demux\libpva_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\settings.js.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Pacific\Marquesas.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\playlist\youtube.luac.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Melbourne.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.metadataprovider.exsd.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Nome.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libscte27_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Windows Journal\Templates\Music.jtp.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\cmm\PYCC.pf.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.DataSetExtensions.Resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_zh_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jre7\bin\splashscreen.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Windows Journal\it-IT\Journal.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_preferencestyle.css.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe

"C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe"

Network

N/A

Files

memory/2528-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

MD5 31326ed9e6c0e37b8884eccbc8ea4de3
SHA1 c7050d34e3f6a7fbd88fd1d88dc5ce3243b366b9
SHA256 b9bc4182b889f0c2fd05656b1557d6253b7a99c39a7c9515e1da69d38b4d01da
SHA512 7aee0e4c48a2e72e6eeeb0da42670a7b6f9f99921277c9626411395863b240dcda61be1b3f3f06840c9ffc6205d5c20bd8e6518782f02d1f10b1d98da5124235

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 c6e70211ef9f25629e08833a54d981d9
SHA1 333ca3de1a49421c80db699ecd620c97ee5ab4cb
SHA256 781411da60c379565386ab30490b721d721616f644defa4dfb1a109d56b9ffd2
SHA512 92faba6087644db215f7c855e7459d15367623da28852b9c327f0ba352ba89274d7a86bcccf4c1561bec5df126c98ad4800c31cad6b70a7cfa14e8ad65019adc

memory/2528-70-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-18 02:55

Reported

2024-10-18 02:58

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe"

Signatures

Renames multiple (5195) files with added filename extension

ransomware

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Java\jre-1.8\bin\jabswitch.exe.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\fontconfig.bfc.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.Extensions.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Spatial.NetFX35.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.XDocument.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Dynamic.Runtime.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Reflection.eftx.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationUI.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\verify.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemDrawing.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\ReachFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationProvider.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Design.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ExcelTellMeOnnxModel.bin.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\jstat.exe.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\el\msipc.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Design.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\BIBFORM.XML.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Controls.Ribbon.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ta.pak.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-80.png.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Common Files\System\ado\msado20.tlb.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.runtimeconfig.json.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.es-es.xml.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-140.png.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\7-Zip\Lang\bg.txt.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\hwrdeslm.dat.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Xaml.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\decora_sse.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xmlresolver.md.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\initial_preferences.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.TLB.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\ko\msipc.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\jps.exe.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\content-types.properties.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\jaas_nt.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelFluent.White.png.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.Reader.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\osfFPA\addins.xml.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe

"C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | g.bing.com | udp
US | 150.171.28.10:443 | g.bing.com | tcp
US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp
US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp
US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp

Files

memory/4972-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini.tmp

MD5 b8d6d57fb4507042d465529e803aa407
SHA1 ae7b54bc4c590ee037e7c09b9ce3b1f714b540a1
SHA256 213421137acf79a0b80cb5b7d56d962840ca2b0dc2f4a96d951ed768df328c50
SHA512 25e6b7a6feb9fa6e9ac6fa63272f3c060cd9fc3c5e164ef04e033ad3e31ee1b0f4dbcd0d556e6b8a65ca75f13c9a7ed04222de3b1a2a77a608da0398baf1f961

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 b48ea2ed914a71d00e5ee250184aa687
SHA1 023aa29d6f679773a83a319f06f2ef2a3203e681
SHA256 9bf5538fec22959cacc9afa0509394d305253a880d8126cc4e41019890ac9931
SHA512 2f5358def598cf9a37e8f467e975b816e87b99ca1c677e9923e48fdb5d7caf54ea451d17f6c1672094f484583dcb048ad0c81661a23e33782d5bf3ffe12d1297

memory/4972-764-0x0000000000400000-0x000000000040A000-memory.dmp